[Curdle] Protocol Action: 'Deprecate 3DES and RC4 in Kerberos' to Best Current Practice (draft-ietf-curdle-des-des-des-die-die-die-05.txt)

The IESG <iesg-secretary@ietf.org> Fri, 25 May 2018 18:49 UTC

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: The IESG <iesg@ietf.org>, ekr@rtfm.com, draft-ietf-curdle-des-des-des-die-die-die@ietf.org, Daniel Migault <daniel.migault@ericsson.com>, curdle-chairs@ietf.org, curdle@ietf.org, daniel.migault@ericsson.com, rfc-editor@rfc-editor.org
Message-ID: <152727419485.12935.573333848766473918.idtracker@ietfa.amsl.com>
Date: Fri, 25 May 2018 11:49:54 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/yIgpK1usy3vVOktJX6HaAx_9VuM>

The IESG has approved the following document:
- 'Deprecate 3DES and RC4 in Kerberos'
  (draft-ietf-curdle-des-des-des-die-die-die-05.txt) as Best Current Practice

This document is the product of the CURves, Deprecating and a Little more
Encryption Working Group.

The IESG contact persons are Benjamin Kaduk and Eric Rescorla.

A URL of this Internet Draft is:
https://datatracker.ietf.org/doc/draft-ietf-curdle-des-des-des-die-die-die/





Technical Summary

The 3DES and RC4 encryption types are steadily weakening in
cryptographic strength, and the deprecation process should be begun
for their use in Kerberos.  Accordingly, RFC 4757 is moved to
Obsolete status, as none of the encryption types it specifies should
be used, and RFC 3961 is updated to note the deprecation of the
triple-DES encryption types.


Working Group Summary

No controversy. 


Document Quality

   
This does not apply here. 

My understanding is implementations are likely to implement
the draft, especially with the "SHOULD NOT" recommendation.

Both co-authors expect to start the deprecation process, which is slow
to achieve as there is now a long deployment history. A deprecation
will not remove the actual software implementation right away, but
progressively disable it.


Personnel
   
Daniel Migault is the shepherd; Eric Rescorla is the AD.